CN104239757A

CN104239757A - Application program reversing-preventing method and device and operation method and terminal

Info

Publication number: CN104239757A
Application number: CN201410521806.5A
Authority: CN
Inventors: 张立春
Original assignee: Beijing Qihoo Technology Co Ltd; Qizhi Software Beijing Co Ltd
Current assignee: Beijing Qihoo Technology Co Ltd
Priority date: 2014-09-30
Filing date: 2014-09-30
Publication date: 2014-12-24
Anticipated expiration: 2034-09-30
Also published as: CN104239757B

Abstract

The invention provides an application program reversing-preventing method and device and an operation method and terminal. The application program reversing-preventing method comprises the steps that files comprising executable codes are obtained from an application program; the files comprising executable codes are compressed, the compressed files and additional data are generated, the additional data are used for restoring and operating the executable codes in the compressed files in an internal storage where the application program operates, and the additional data are also used for preventing reverse checking of the executable codes; and according to the compressed files and the additional data, an alternate file is generated, and the alternate file is used as a file comprising the executable codes in the application program. The reinforcing increments generated during a reinforcing process of the application program in the prior art can be reduced, and meanwhile reverse checking of the executable codes in the application program can be prevented.

Description

Application program prevents reverse method and device, operation method and terminal

Technical field

The present invention relates to safety technique, particularly relate to a kind of application program and prevent reverse method and device, operation method and terminal.

Background technology

Growing along with mobile-terminal platform, third party application emerges in multitude, to the piracy of third-party application with to beat again bag phenomenon day by day serious.Its reason is mainly, there is the multiple common software that application file is decompressed on the market at present, utilizing after these softwares decompress to application file, plaintext character string in application source code, library function call, Core Feature function etc. all leak, and make the reverse-engineering of illegal developer to the piracy of third party application or Core Feature all become simple.

For preventing application from being distorted by decompiling, malice, also protection application data message can be carried out by the method for reinforcing and be not stolen.The reinforcing of so-called application program refer generally to employing add shell, hidden, the means such as to obscure source program code be encrypted, do not affect the normal operation of application file simultaneously.

But; adopt existing reinforcement means that application file usually can be made to increase (generally minimum for 8% to 9%) with certain proportion, take more storage space (or being called " reinforcing increment ") after reinforcing; thus can impact the efficiency of the operation of application file, storage and transmission, what be unfavorable for applying uses and promotes.

The safety encryption of multiple Android application has been there is in prior art, by being encrypted Android application, anti-decompiling, the reinforcement measures such as anti-Code obfuscation, but the scheme adopted due to reinforcement means is different, the effect of reinforcing is also different, some can not reach the effect preventing Brute Force after reinforcing, such as first existing a kind of reinforcement means encrypts the executable file dex of original program bag, then the dex file of agency is generated in the large module information of extraction four, original program dex is dynamically deciphered when program performs, but such cipher mode, encrypted packet is separated with former bag, former bag is only encrypt file, internal memory unloading can be easily passed through and realize cracking of program, consolidation effect is limited.

Current, in android system, an application can installed, run, needs the APK file form being packaged into android system.APK is the abbreviation of Android application package file, is called for short APK file, i.e. Android installation kit, also can be understood as the application software that Android terminal is installed.APK file is ZIP file layout in fact, but suffix name is modified to APK, can be seen the file structure of its inside by modes such as instrument decompress(ion)s, as shown in table 1:

The file structure of table 1 APK file inside

Android installation kit (APK file) is generally downloaded by Android application market, is installed on mobile phone, also can be installed from PC by the mode of the data line interfaces such as USB data line or Wireless Data Transmission.Virus on Android, wooden horse and other Malwares want the mobile phone entering user, also must be packaged into the form of APK.Conversely speaking, if not a legal APK file, it just cannot be installed on user mobile phone, also would not produce harm to user.Based on this point, antivirus engine just the target tightening of killing to in the scanning of APK file, thus can improve the efficiency of scanning greatly.

So, which information in Android installation kit (APK file) as the emphasis of scanning, can present application has been analysis for this problem, specific as follows:

1) bag name

Android operation system is managed the APK that each is installed by the bag name (package name) of APK." bag name " is that the one mutually corresponding with application identifies, and has fixing name style.The bag name of such as certain Android installation kit is com.qihoo360.mobilesafe.Android system requires that a unique bag name is stated in each application.If the bag name of certain existing application is repeated in the bag name of the APK installed and current phone, so android system can be refused to install.Malware under Android platform also needs statement bag name, and therefore, bag name just can as the key character identifying Malware.

2) digital signature

For the object of security, android system requires that each APK will comprise digital signature (digital signature).Android system can check that when installing APK file whether the digital signature of the inner each file of APK is consistent with the digital signature that it presets, if inconsistent, or there is no digital signature, then think that file is tampered, refuse the installation and operation of this APK.Malware under Android platform is no exception, so the digital signature of APK file also can as the key character identifying Malware.

3) access information of each module listed in AndroidManifest.xml

AndroidManifest.xml is each APK file necessary global description file, and the inside lists in Android installation kit the access information of each module applied.In android system, the module only listed in AndroidManifest.xml, can by system call.Wooden horse under Android platform, often disguise oneself as normal application or deceive users installation of playing, a lot of wooden horse is wherein had to colonize in an application normally or game exactly, when user's bootup window, look it is original software or game, but the wooden horse module colonized in wherein was just activated on suitable opportunity, thus infect the mobile phone of user.And because android system requires all modules all will to list in AndroidManifest.xml, this just improves important clue for finding parasitic wooden horse.Therefore, the information of each module listed in AndroidManifest.xml is also the key character identifying Malware.

4) dex file and ELF file

Android application is normally developed with Java language, it becomes binary bytecode (byte code) with after the compiling of Android developing instrument, these bytecodes are packaged into classes.dex file, explain execution by the Dalvik virtual machine of Android platform.In order to call android system function, android system provides a set of running environment (Android Framework), and each function of Android application call system is all that the storehouse by calling Android Framework realizes.

On the other hand, android system also support application program directly run by JNI (Java Native Interface, JAVA calls this locality) or binary executable (native executable).What now application performed is the binary machine code directly run on CPU, do not need to explain through virtual machine, directly can call Android storehouse such as libc, WebKit, SQLite, OpenGL/ES (title of function library) etc. and carry out each function of calling system.If Android application will be run by JNI or native executable, become ELF file layout with regard to needing the code compilation that will perform.ELF is the abbreviation of Executable and Linkable Format, is the file layout of executable program, shared library in Android/Linux operating system.

Each Android software installation kit (APKAPK) comprises inventory (Manifest) file, and namely AndroidManifest.xml, it is stored in the bottom in project level.Inventory can the structure of definition application and assembly thereof and metadata.AndroidManifest.xml contains the node of each assembly (activity, service, Content Provider and radio receiver) of composition application program, and application target filtrator and authority are determined between these assemblies and how mutual these assemblies are with other application programs.It provides each attribute and carry out security setting and unit testing top-level node to the metadata (icon or theme) and extra can be used to that explain application program.

Label in inventory (Manifest) file contains some nodes (node), that defines the test class of application component, security setting and composition application program.Following is a list the node label in some conventional inventory (Manifest) files:

Application node label (application), generally only comprises an application node in inventory.Application node uses each attribute to carry out the various metadata (comprising title, icon and theme) of specified application.Application node can also contain the container of activity, service, Content Provider and radio receiver label as one, be used to specify application component.

Active node label (activity), each activity (Activity) of application program display requires an activity label.

Service node label (service), service label is the same with activity label, and each service class (Service) used in application program will create a new service label.

Content provider's label (provider), provider label is used for each Content Provider in application program.

Receiver label (receiver), by adding receiver label, can register a radio receiver (Broadcast Receiver), and need not start application program in advance.Radio receiver, just as clobal audiomonitor, by registering a radio receiver in statement, can make this process realize full automation.If the data transmission of a coupling has been broadcasted, then application program will start automatically, and the radio receiver of registration also can bring into operation.

User right label (uses-permission), as a part for security model, uses-permission label states those authorities defined by the user, and these authorities to be that application program normally performs necessary.

License tag (permission), license tag can before certain application component of limiting access, need to define a permission label in inventory.Permission label can be used to create these authority definitions.

Detection type (instrumentation), instrumentation class provides a framework, to be used for when application program is run testing results in movable or service.They provide certain methods and come monitoring application program and mutual with system resource thereof.

When a preferred embodiment of the present invention is applied in android system, executable file comprises dex file, the classes.dex file of dex file mainly in APK, i.e. Dalvik Executable (Dalvik virtual machine executable file).Be well known that, Dalvik is the Java Virtual Machine for Android platform.Dalvik virtual machine (Dalvik VM) is one of core component of Android mobility device.It can support the operation of the java application being converted to .dex (i.e. Dalvik Executable) form, and .dex form is a kind of compressed format aiming at Dalvik design, is applicable to internal memory and the limited system of processor speed.Dalvik, through optimizing, allows the example simultaneously running multiple virtual machine in limited internal memory, and each Dalvik applies as an independently Linux process execution.Independently process can prevent all programs when virtual machine crashes to be all closed.The threading mechanism of virtual machine, Memory Allocation and management, etc. all rely on underlying operating system and realizing, the dex file be generally included in APK file can be operationally optimised, and the file after optimization will be saved in the buffer.

Executable file can also comprise the file of expansion .jar by name.Jar file in Android installation kit is exactly dex file in fact, only its expansion .jar by name.

According to the above analysis to Android program installation kit, AndroidManifest.xml describes the information such as the name of application, version, authority, the library file quoted, therefore, first Android system needs decompress(ion) APK file when working procedure, then obtain configuration information in the androidmanifest.xml file after compiling, perform dex program.APK file is in packing process, all byte code files are changed into dex file (classes.dex) then uses Android strapping tool by dex file, and resource file and AndroidManifest.xml file group synthesize an application package (APK).

The application program that Fig. 1 shows one embodiment of the invention to be provided prevents the schematic flow sheet of reverse method, and the application program of the present embodiment prevents reverse method as described below.

101, from application program, obtain the file comprising executable code.

For example, the application program in the present embodiment, refer to the executable program be applicable under certain specific operating system, application program comprises the executable code part as program source code.For example, application program can be the software, application, software installation kit, application installation kit etc. under the Windows system that operates in, linux system, android system or other operating system.In application program, need protected executable code to be positioned in the middle of at least one file, and what will obtain in step 101 is exactly the file that these include executable code.

The application program that it should be noted that here should be without such as reinforcing, add the means process such as shell, compression, encryption, the application program that can directly normally run.

In a particular application; above-mentioned application program can comprise as the classes.dex file in Android installation kit APK (Android Package) file; and classes.dex file comprises in APK file and needs protected executable code, now include file and the classes.dex file of executable code.

102, the file of executable code is comprised described in compression, generate the file after compression and additional data, described additional data is used for reducing in the internal memory of the system running this application program and executable code in file after running described compression, and described additional data is also for preventing described executable code from being searched by reverse.

For example, additional data can comprise: for reducing in the internal memory of system running this application program and running the executable file of described executable code, with, for preventing described executable code by the reverse dynamic link library searched, described dynamic link library comprises for reducing in the internal memory of system running this application program and running the partial data of described executable code.Here not comprising complete executable code in executable file, thus can not obtain executable code by carrying out simple contrary operation to it.On the other hand, the data stored in dynamic link library have not easily by reverse feature, thus play the sequestration to executable code.

Certainly, the additional data in the present embodiment also can comprise other data or file, and the present embodiment does not limit the content that additional data comprises.

Step 103, according to the file after described compression and described additional data, generate an alternate file, using described alternate file as the file comprising executable code in described application program.

Usually, when running application, according to the executable code that the instruction starting point of application program runs application.But in the present embodiment, because the executable code in application programs has carried out compressing process, for this reason run through above-mentioned prevent reverse process after application program time, cannot directly with the executable code that original instruction starting point runs application.Therefore, in the present embodiment after generation alternate file, the operating instruction starting point of described application program is changed to the operating instruction starting point of described alternate file.

And then, during application program after running through above-mentioned steps process, first run the above-mentioned alternate file comprising additional data, and then reduce and the executable code run application.

Code file in the installation kit of the scheme of the present embodiment mainly application programs performs reinforces operation; described reinforcing operation can improve the security of application program; effectively prevent that application program from being distorted by decompiling, malice, the data message of protection application program can not be stolen by hacker, reduce that application program is implanted by virus, advertisement adds, channel of disbursement is distorted, go fishing, information kidnaps equivalent risk.

Alternatively, the file that described alternate file and described application program comprise executable code has identical filename.Based on this feature, the application program after above-mentioned steps process can not change the call relation in the file and application program comprising executable code between alternative document.

In the present embodiment; in order to the executable code part in protection application program not by decompiling and be not maliciously tampered, the data message of protection application program do not stolen by hacker; the file comprising executable code of application programs carries out compression process; obtain the file after compressing and additional data, and then the executable code of available protecting application program can be realized.

In the present embodiment, the process that application programs comprises the file of executable code can be regarded as has carried out a kind of conversion to this file, this conversion is according to the full detail of specific mode stet part, but the executable code after conversion presents sightless state to outside.For example, such conversion can be encryption, add the combination of the means such as shell, compression or above-mentioned means, and the form of conversion certainly is also not limited only to this.

Meanwhile, in order to make the operation of conversion not application programs impact, need to generate some additional datas, for running the file after above-mentioned compression in system (i.e. the operating system of above-mentioned set up applications) simultaneously.For example, additional data operationally correspondent transform can carry out a series of operation on the contrary, executable code is launched in Installed System Memory, becomes the state that can run, then adjustment programme operation or call, executable code normally can be run in internal memory.

In the present embodiment, the executable code of application programs carries out compressing the file after obtaining above-mentioned compression and additional data, can be regarded as the consolidation process of application programs.Compression in the present embodiment can be and adopts the executable code of current known compression algorithm application programs to carry out compression process.

For example, in the present embodiment, the size of the executable code after consolidation process and described additional data is n kB, the size of the executable code of application program described to be reinforced is mkB, 0<n/m≤1, thus, realizes the negative increment of the application program after consolidation process.Such as, before consolidation process, the size of the executable code part of application program can be 100KB, and the size of executable code after consolidation process can be 40KB, add again content less, size is about the additional data of 10KB, make said n/m=(40+10)/100=0.5, namely the application program after consolidation process reduces 50KB, namely can reach the object of negative increment.

Thus, the file that the present embodiment mainly comprises executable code according to application program obtains the file after compressing process and additional data two parts, wherein additional data is used for reduction, runs described executable code, and plays and prevent executable code by reverse effect of searching.Thus, the present invention compresses for the executable code occupying main storage space, and operationally uses additional data to decompress accordingly, effectively can reduce to reinforce increment when not affecting application program is normally run.

In addition, the executable program part in the additional data in the present embodiment can be recorded in for be reduced in the system (as android system) and in the executable file of executable code after consolidation process as described in running; And adopt dynamic link library record some for reducing and running the necessary information of the executable code after described consolidation process, can effectively prevent by carrying out stealing of executable code to the reverse-engineering of described executable file.

If application program is the application program run in android system, then aforesaid additional data can be for reducing in android system and running the additional data of described executable code.

Possible realize in scene at another, the method shown in earlier figures 1 also comprises following not shown step 100:

100, receive the reinforcing request of application program, described reinforcing request comprises: the installation kit of described application program, and the channel information of described application program; Described installation kit comprises: the file and the resource file that comprise executable code, be configured with the information corresponding with described channel information in described resource file;

Correspondingly, aforesaid step 101 can be specially:

101 ', according to described reinforcing request, from described application program, the file comprising executable code is obtained.

That is, in a kind of possible implementation, application program prevents reverse method from can comprise: step 100, step 101 ', step 102 and step 103.

In a particular application, reinforcing request in step 100 can specifically comprise: the installation of application program comprises and reinforces the multichannel information of this application program, specifically can include the file comprising executable code and resource file in installation kit, the name-value pair of publication channel title and corresponding channel value in described resource file, can be configured with.This channel title and channel value all belong to channel information.

More specifically, channel value here may be used for distinguishing different publication channels.For developer, its can in the resource file of application program the name-value pair of configure publication channel title and corresponding channel value.Example is applied as with Android, channel value can be set under the META-data parameter of AndroidManifest.xml file, wherein, AndroidManifest.xml file can be used for structure and the metadata of definition application and assembly thereof, META-data uses the form of " name-value " (name-value pair of channel title and corresponding channel value) to provide optional data arbitrarily to its parent component, in name-value pair " name-value ", " name " represents the unique name of publication channel, and the naming rule of Java pattern can be used to guarantee the uniqueness of title; And " value " represents the channel value that each channel is corresponding.

In the embodiment of the present invention, above-mentioned multichannel information can be used for the information representing the multiple publication channel reinforcing this application program.Such as, user, after the APK file submitting Android application " ink marks weather " to, can specify reinforcing publication channel by submitting to following multichannel information, as existing 360,91 assistants, pea pods, Kingsoft etc.

The application program of the present embodiment prevents reverse method; protecting code is directly inserted in the code of executable file; the program entry of corresponding modify global configuration file (comprising file and the resource file of executable code); achieve the reconstruct of the file comprising executable code; thus when program is run; first protecting code is performed; to carry out corresponding decryption processing; directly the file comprising executable code is processed; add the flexibility ratio of the file protection comprising executable code, further increase the security of software installation kit.

Especially, the present embodiment adopts high in the clouds reinforcing mode, and developer can directly enter to reinforce from open platform homepage (such as dev.360.cn) and protect the page, and webpage clicks " uploading application ".One key is uploaded, and automatically reinforces, and application can complete safety monitoring and protection on backstage; Then click " down load application ", the reinforcing bag downloaded is signed again, safest product can be distributed to each application market.In addition, the page of the present embodiment can also provide signature instrument, or allow user upload signature secret key automatically sign after completing reinforcing.

Further, insert in the code of each class and separate shell trigger code and the collapse code with decompiling instrument, when each class is run, separately the class run is decrypted, can effectively prevents crack tool from carrying out internal memory intercepting (dump).

Fig. 2 shows the schematic flow sheet of the operation method of a kind of application program that one embodiment of the invention provides, and the method comprises:

201, the file comprising executable code in application program after compression and additional data is obtained, described additional data generates in the process of the file of executable code for comprising described in compression, for reducing in the internal memory of system running this application program and running described executable code, prevent described executable code by reverse data of searching;

202, according to described additional data, decompression is carried out to the file comprising executable code after compression, and reduce in the internal memory of system running this application program and run the executable code after decompressing.

In a particular application, additional data in abovementioned steps 201 can comprise: for reducing in the internal memory of system running this application program and running the executable file of described executable code, with, for preventing described executable code by the reverse dynamic link library searched, described dynamic link library comprises for reducing in the internal memory of system running this application program and running the partial data of described executable code.

Thus, above-mentioned steps 202 can be specially: utilize the executable file in described additional data to call described dynamic link library and carry out decompression to the file comprising executable code after described compression, executable code in the internal memory of system running this application program after reduction decompression, and the executable code after making the operating instruction starting point of described application program point to reduction.

Will be understood that, correspond to and carry out through the above-mentioned reverse method that prevents the application program processed, adopt corresponding process to carry out the decompression of executable code, reduction and operation here, the application program of process thus can be made normally to run.Specifically, additional data operationally corresponds to above-mentioned conversion can carry out a series of operation on the contrary, executable code is launched in Installed System Memory, becomes the state that can run, then adjustment programme operation or call, executable code normally can be run in internal memory.

For example, the system of described this application program of operation can be android system; The file that described application program comprises executable code can be the classes.dex file in Android installation kit APK file.

In order to be illustrated more clearly in the technical scheme of the present embodiment, lower mask body, for the reinforcement means of the APK file under a kind of android system and operation method, prevents reverse method and operation method to be further described to above-mentioned application program.

Wherein, APK is the abbreviation of Android Package, the installation kit file namely in android system.And the executable code part in file is recorded in the classes.dex file that obtains after APK file decompress(ion); in order to protection application developer the fruit of labour, avoid application to be distorted etc. by decompiling, malice, generally need to protect APK file, classes.dex file especially wherein.

Fig. 3 shows the process flow diagram of the reinforcement means of the APK file under a kind of android system, specifically, as follows to the reinforcement means flow process of this file:

First, APK file is decompressed, obtain classes.dex file wherein.It should be noted that, if APK file here passes through other encryptions, should first be decrypted accordingly, make classes.dex file be that directly record needs the executable code of protection.In addition, in reinforcement means implementation procedure, need the signature removing digital certificate in former APK file, therefore need again to be signed by the digital certificate of correspondence after reinforcing.

Next, high strength compression is carried out to classes.dex file, at this, file after compression is called classes.part1 file; Simultaneously, generate the executable file load.dex in described additional data and dynamic data library file load.so, and the decompress partial data of executable code of being used for of correspondence is added in load.dex, other partial datas being used for decompressing are added in load.so, certainly, these two parts data are mutual correspondences, cooperatively interact.Other partial datas of the decompression at this place can be for reducing and running the data except the data in load.dex of executable code.

Finally, using the main part of classes.part1 as the classes.dex file after reinforcing, and load.so and load.dex is added among this classes.dex, form new classes.dex file; Using this file to replace original classes.dex file, and be again compressed into together with the alternative document in APK in the APK file after a reinforcing, reinforcing can be completed when not changing the relation between APK internal file.

Specifically, in the executable program code of load.dex file, be mainly used in performing following flow process: first, load.dex file is as the operating instruction starting point of system, directly utilize load.so find corresponding classes.part1 file and decompress, be reduced to make the data of classes.dex file; The second, in the internal memory of system, the data restored being put on a suitable position and carrying out some follow-up process, make the data of classes.dex file be extended to suitable position, reaching can by the state of normal call.For example, load.dex file is after the data of reduction classes.dex file, the class (class) of correspondence is put in the middle of the array had in Installed System Memory, make in the process of each class of system loads, the class of correspondence also can be called while calling this array, calling program can be run according to the executable code in classes.dex file originally since then.

On the other hand, code execution sequence needs adjust accordingly, after the data of the classes.dex file namely after reinforcing are fully launched in the internal memory of system, need adjustment run time version order, the data in the classes.dex file after making the main body called become expansion.And, initial run the classes.dex file after reinforcing time, because classes.part1 can't directly run, so program can perform from load.dex place.On the whole, the step performed by load.dex is equivalent to the process of a prestrain.

In addition, in order to prevent carrying out cracking of above-mentioned executable code by loading all classes simultaneously, the content of carrying out following operation can be added: judge whether have the class exceeding threshold percentage to be loaded (such as judging whether to load the class of in the list of all classes more than 70%) in the list of all classes, if then eliminate the data of the class of reducing at first at load.dex file or other positions simultaneously.This operation can ensure that the data of whole class can not appear in internal memory simultaneously, prevents from cracking above-mentioned executable code by means such as internal memory interceptings.

Visible, load.dex is the specific file generated in reinforcement means, and be also the executive agent of the operation method of the application program after reinforcing, the above-mentioned explanation for load.dex also can represent the flow process of the operation method of application program in this example.

It should be noted that the classes.dex size before consolidation process is generally hundreds of KB, can about 50% be reduced after carrying out high strength compression; And above-mentioned can be a hundreds of byte for reducing and performing the size of the load.dex of the executable code in classes.dex minimum, maximumly have tens KB, corresponding load.so size is generally several KB, visible above-mentioned reinforcement means can ensure the basis that original application program is normally run to reach the object of reinforcing increment and reducing and even bearing reinforcing increment, thus can improve the efficiency of the operation of application program, storage and transmission, what be conducive to applying uses and promotes.

It should be noted that, above-mentioned filename load.dex, load.so, classes.part1 are only a kind of examples, and it can use alternative document name to carry out equivalent replacement; And in actual applications, the order between each step of reinforcement means can be exchanged; In addition, can adjust neatly in actual applications for the division of data between file; Above-mentioned replacement, exchange or adjustment also affect the essence of technique scheme, therefore do not make the essence of appropriate technical solution depart from the scope of the claims in the present invention.

A kind of application program that Fig. 4 shows one embodiment of the invention to be provided prevents the structural representation of reverse device, and described bracing means comprises:

Acquiring unit 401, for obtaining the file comprising executable code from application program;

Compression unit 402, for compressing the file comprising executable code described in the acquisition of described acquiring unit, generate the file after compression and additional data, described additional data is used for reducing in the internal memory of the system running this application program and executable code in file after running described compression, and described additional data is also for preventing described executable code from being searched by reverse;

Alternate file generation unit 403, for the file after the described compression that generates according to described compression unit and described additional data, generates an alternate file, using described alternate file as the file comprising executable code in described application program.

In the present embodiment, additional data can comprise: for reducing in the internal memory of system running this application program and running the executable file of described executable code, with, for preventing described executable code by the reverse dynamic link library searched, described dynamic link library comprises for reducing in the internal memory of system running this application program and running the partial data of described executable code.

In a particular application, this device also comprises in Fig. 4 unshowned: changing unit 404, for the operating instruction starting point of described application program being changed to the operating instruction starting point of described alternate file.

Alternatively, the file that described alternate file and described application program comprise executable code has identical filename.Alternatively, the system of the described application program of described operation is android system; The file that described application program comprises executable code is the classes.dex file in Android installation kit APK file.

Possible realize in scene at another, in the device shown in earlier figures 4, also comprise following not shown interface unit 400:

Interface unit 400, for receiving the reinforcing request of application program, described reinforcing request comprises: the installation kit of described application program, and the channel information of described application program; Described installation kit comprises: the file and the resource file that comprise executable code, be configured with the information corresponding with described channel information in described resource file;

Correspondingly, aforementioned acquiring unit 401 can be specifically for:

According to the reinforcing request that described interface unit 400 receives, from described application program, obtain the file comprising executable code.

In a particular application, above-mentioned reinforcing request can specifically comprise: the installation of application program comprises and reinforces the multichannel information of this application program, specifically can include the file comprising executable code and resource file in installation kit, the name-value pair of publication channel title and corresponding channel value in described resource file, can be configured with.This channel title and channel value all belong to channel information.

The bracing means provided due to the embodiment of the present invention can perform the flow process of the reinforcement means shown in earlier figures 1, and the present embodiment does not describe in detail at this.

In sum, the file that the present embodiment mainly comprises executable code according to application program obtains the file after compressing process and additional data two parts, wherein additional data is used for reduction, runs described executable code, and plays and prevent executable code by reverse effect of searching.Thus, the present invention compresses for the executable code occupying main storage space, and operationally uses additional data to decompress accordingly, effectively can reduce to reinforce increment when not affecting application program is normally run.

Fig. 5 shows the structural representation of the terminal that one embodiment of the invention provides, and described terminal comprises:

Acquiring unit 501, for obtaining the file comprising executable code after compressing in application program and additional data, described additional data generates in the process of the file of executable code for comprising described in compression, for reducing in the internal memory of system running this application program and running described executable code, prevent described executable code by reverse data of searching;

Decompression unit 502, for according to described additional data, carries out decompression to the file comprising executable code after compression, and reduces in the internal memory of system running this application program and run the executable code after decompressing.

In a particular application, above-mentioned additional data can comprise: for reducing in the internal memory of system running this application program and running the executable file of described executable code, with, for preventing described executable code by the reverse dynamic link library searched, described dynamic link library comprises for reducing in the internal memory of system running this application program and running the partial data of described executable code.

For example, aforesaid decompression unit 502 can be specifically for: the executable file in the described additional data utilizing described acquiring unit to obtain calls described dynamic link library and carries out decompression to the file comprising executable code after described compression, executable code in the internal memory of system running this application program after reduction decompression, and the executable code after making the operating instruction starting point of described application program point to reduction.

In the present embodiment, the system of the described application program of described operation is android system; The file that described application program comprises executable code is the classes.dex file in Android installation kit APK file.

Terminal in above-described embodiment can run the application program after reinforcing preferably, and can perform the flow process of the operation method shown in earlier figures 2, and the present embodiment does not describe in detail at this.

Other embodiments of the present invention also disclose following content:

A1, a kind of application program prevent reverse method, comprising:

The file comprising executable code is obtained from application program;

The file of executable code is comprised described in compression, generate the file after compression and additional data, described additional data is used for reducing in the internal memory of the system running this application program and executable code in file after running described compression, and described additional data is also for preventing described executable code from being searched by reverse;

According to the file after described compression and described additional data, generate an alternate file, using described alternate file as the file comprising executable code in described application program.

A2, method according to aforementioned schemes A1, described additional data comprises:

For reducing in the internal memory of system running this application program and running the executable file of described executable code, and,

For preventing described executable code by the reverse dynamic link library searched, described dynamic link library comprises for reducing in the internal memory of system running this application program and running the partial data of described executable code.

A3, method according to aforementioned schemes A1 or A2, described obtain from application program comprise the file of executable code before, described method also comprises:

Receive the reinforcing request of application program, described reinforcing request comprises: the installation kit of described application program, and the channel information of described application program; Described installation kit comprises: the file and the resource file that comprise executable code, be configured with the information corresponding with described channel information in described resource file;

Correspondingly, described acquisition from application program comprises the file of executable code, comprising:

According to described reinforcing request, from described application program, obtain the file comprising executable code.

A4, method according to aforementioned schemes A2, also comprise:

The operating instruction starting point of described application program is changed to the operating instruction starting point of described alternate file.

A5, method according to aforementioned schemes A1, also comprise:

The file that described alternate file and described application program comprise executable code has identical filename.

A6, according to the method in aforementioned schemes A1, A2, A4, A5 described in any one, the system of the described application program of described operation is android system; The file that described application program comprises executable code is the classes.dex file in Android installation kit APK file.

Other embodiments of the present invention also disclose following content:

The operation method of B1, a kind of application program, comprising:

Obtain the file comprising executable code in application program after compression and additional data, described additional data generates in the process of the file of executable code for comprising described in compression, for reducing in the internal memory of system running this application program and running described executable code, prevent described executable code by reverse data of searching;

According to described additional data, decompression is carried out to the file comprising executable code after compression, and reduce in the internal memory of system running this application program and run the executable code after decompressing.

B2, method according to aforementioned schemes B1, described additional data comprises:

B3, method according to aforementioned schemes B2, described according to described additional data, decompression is carried out to the file comprising executable code after compression, and reduce in the internal memory of system running this application program and the step of executable code after running decompression, comprising:

Utilize the executable file in described additional data to call described dynamic link library and decompression is carried out to the file comprising executable code after described compression, executable code in the internal memory of system running this application program after reduction decompression, and the executable code after making the operating instruction starting point of described application program point to reduction.

B4, according to the method in aforementioned schemes B1 to B3 described in any one, the system of the described application program of described operation is android system;

The file that described application program comprises executable code is the classes.dex file in Android installation kit APK file.

Other embodiments of the present invention also disclose following content:

C1, a kind of application program prevent reverse device, and described device comprises:

Acquiring unit, for obtaining the file comprising executable code from application program;

Compression unit, for compressing the file comprising executable code described in the acquisition of described acquiring unit, generate the file after compression and additional data, described additional data is used for reducing in the internal memory of the system running this application program and executable code in file after running described compression, and described additional data is also for preventing described executable code from being searched by reverse;

Alternate file generation unit, for the file after the described compression that generates according to described compression unit and described additional data, generates an alternate file, using described alternate file as the file comprising executable code in described application program.

C2, device according to aforementioned schemes C1, described additional data comprises:

C3, device according to aforementioned schemes C1 or C2, this device also comprises:

Interface unit, for receiving the reinforcing request of application program, described reinforcing request comprises: the installation kit of described application program, and the channel information of described application program; Described installation kit comprises: the file and the resource file that comprise executable code, be configured with the information corresponding with described channel information in described resource file;

Correspondingly, acquiring unit specifically for:

According to the reinforcing request that described interface unit receives, from described application program, obtain the file comprising executable code.

C4, device according to aforementioned schemes C2, this device also comprises:

Changing unit, for changing to the operating instruction starting point of described alternate file by the operating instruction starting point of described application program.

C5, device according to aforementioned schemes C1, the file that described alternate file and described application program comprise executable code has identical filename.

C6, according to the device in aforementioned schemes C1, C2, C4, C5 described in any one, the system of the described application program of described operation is android system;

Other embodiments of the present invention also disclose following content:

D1, a kind of terminal, comprising:

Acquiring unit, for obtaining the file comprising executable code after compressing in application program and additional data, described additional data generates in the process of the file of executable code for comprising described in compression, for reducing in the internal memory of system running this application program and running described executable code, prevent described executable code by reverse data of searching;

Decompression unit, for the described additional data obtained according to described acquiring unit, carries out decompression to the file comprising executable code after compression, and reduces in the internal memory of system running this application program and run the executable code after decompressing.

D2, terminal according to aforementioned schemes D1, described additional data comprises:

D3, terminal according to aforementioned schemes D2, described decompression unit, specifically for: the executable file in the described additional data utilizing described acquiring unit to obtain calls described dynamic link library and carries out decompression to the file comprising executable code after described compression, executable code in the internal memory of system running this application program after reduction decompression, and the executable code after making the operating instruction starting point of described application program point to reduction.

D4, according to the terminal in aforementioned schemes D1 to D3 described in any one, the system of the described application program of described operation is android system;

Summary of the invention

For defect of the prior art, the invention provides a kind of application program and prevent reverse method and device, the operation method of application program and terminal, the reinforcing increment that application program in prior art is produced by reinforcing process can be reduced, prevent the executable code in application program from being searched by reverse simultaneously.

First aspect, the invention provides a kind of application program and prevents reverse method, it is characterized in that, comprising:

The file comprising executable code is obtained from application program;

Alternatively, described additional data comprises:

Alternatively, the method also comprises: the operating instruction starting point operating instruction starting point of described application program being changed to described alternate file.

Alternatively, the file that described alternate file and described application program comprise executable code has identical filename.

Alternatively, the system of the described application program of described operation is android system; The file that described application program comprises executable code is the classes.dex file in Android installation kit APK file.

Alternatively, described from application program obtain comprise the file of executable code before, described method also comprises:

Second aspect, present invention also offers a kind of operation method of application program, comprising:

Alternatively, described additional data comprises:

Alternatively, described according to described additional data, decompression is carried out to the file comprising executable code after compression, and reduce in the internal memory of system running this application program and the step of executable code after running decompression, comprising:

Alternatively, the executable code of described application program is: the system of the described application program of described operation is android system; The file that described application program comprises executable code is the classes.dex file in Android installation kit APK file.

The third aspect, present invention also offers a kind of application program and prevent reverse device, this device comprises:

Alternatively, described additional data comprises:

Alternatively, this device also comprises: changing unit, for the operating instruction starting point of described application program being changed to the operating instruction starting point of described alternate file.

Alternatively, this device also comprises:

Correspondingly, acquiring unit specifically for:

Fourth aspect, present invention also offers a kind of terminal, comprising:

Decompression unit, for according to described additional data, carries out decompression to the file comprising executable code after compression, and reduces in the internal memory of system running this application program and run the executable code after decompressing.

Alternatively, described additional data comprises:

Alternatively, described decompression unit, executable file in the described additional data obtained specifically for utilizing described acquiring unit calls described dynamic link library and carries out decompression to the file comprising executable code after described compression, executable code in the internal memory of system running this application program after reduction decompression, and the executable code after making the operating instruction starting point of described application program point to reduction.

As shown from the above technical solution, the file that the present invention mainly comprises executable code according to application program obtains the file after compressing process and additional data two parts, wherein additional data is used for reduction, runs described executable code, and plays and prevent executable code by reverse effect of searching.Thus, the present invention compresses for the executable code occupying main storage space, and operationally uses additional data to decompress accordingly, effectively can reduce to reinforce increment when not affecting application program is normally run.

In instructions of the present invention, describe a large amount of detail.But can understand, embodiments of the invention can be put into practice when not having these details.In some instances, be not shown specifically known method, structure and technology, so that not fuzzy understanding of this description.

Similarly, be to be understood that, to disclose and to help to understand in each inventive aspect one or more to simplify the present invention, in the description above to exemplary embodiment of the present invention, each feature of the present invention is grouped together in single embodiment, figure or the description to it sometimes.But, the method for the disclosure should not explained the following intention in reflection: namely the present invention for required protection requires feature more more than the feature clearly recorded in each claim.Or rather, as claims below reflect, all features of disclosed single embodiment before inventive aspect is to be less than.Therefore, the claims following embodiment are incorporated to this embodiment thus clearly, and wherein each claim itself is as independent embodiment of the present invention.

It will be understood by those skilled in the art that adaptively to change the module in the equipment in embodiment and they are arranged and be in one or more equipment that this embodiment is different.Module in embodiment or unit or assembly can be combined into a module or unit or assembly, and multiple submodule or subelement or sub-component can be put them in addition.Except at least some in such feature and/or process or unit is mutually exclusive part, any combination can be adopted to combine all processes of all features disclosed in this instructions (comprising adjoint claim, summary and accompanying drawing) and so disclosed any method or equipment or unit.Unless expressly stated otherwise, each feature disclosed in this instructions (comprising adjoint claim, summary and accompanying drawing) can by providing identical, alternative features that is equivalent or similar object replaces.

In addition, those skilled in the art can understand, although embodiments more described herein to comprise in other embodiment some included feature instead of further feature, the combination of the feature of different embodiment means and to be within scope of the present invention and to form different embodiments.Such as, in the following claims, the one of any of embodiment required for protection can use with arbitrary array mode.

All parts embodiment of the present invention with hardware implementing, or can realize with the software module run on one or more processor, or realizes with their combination.It will be understood by those of skill in the art that the some or all functions that microprocessor or digital signal processor (DSP) can be used in practice to realize according to the some or all parts in the equipment of a kind of browser terminal of the embodiment of the present invention.The present invention can also be embodied as part or all equipment for performing method as described herein or device program (such as, computer program and computer program).Realizing program of the present invention and can store on a computer-readable medium like this, or the form of one or more signal can be had.Such signal can be downloaded from internet website and obtain, or provides on carrier signal, or provides with any other form.

The present invention will be described instead of limit the invention to it should be noted above-described embodiment, and those skilled in the art can design alternative embodiment when not departing from the scope of claims.In the claims, any reference symbol between bracket should be configured to limitations on claims.Word " comprises " not to be got rid of existence and does not arrange element in the claims or step.Word "a" or "an" before being positioned at element is not got rid of and be there is multiple such element.The present invention can by means of including the hardware of some different elements and realizing by means of the computing machine of suitably programming.In the unit claim listing some devices, several in these devices can be carry out imbody by same hardware branch.Word first, second and third-class use do not represent any order.Can be title by these word explanations.

Last it is noted that above each embodiment is only in order to illustrate technical scheme of the present invention, be not intended to limit; Although with reference to foregoing embodiments to invention has been detailed description, those of ordinary skill in the art is to be understood that: it still can be modified to the technical scheme described in foregoing embodiments, or carries out equivalent replacement to wherein some or all of technical characteristic; And these amendments or replacement, do not make the essence of appropriate technical solution depart from the scope of various embodiments of the present invention technical scheme, it all should be encompassed in the middle of the scope of claim of the present invention and instructions.

Accompanying drawing explanation

Fig. 1 prevents the schematic flow sheet of reverse method for application program that one embodiment of the invention provides;

The schematic flow sheet of the operation method of the application program that Fig. 2 provides for one embodiment of the invention;

The schematic flow sheet of the reinforcement means of the APK file under the android system that Fig. 3 provides for one embodiment of the invention;

Fig. 4 prevents the structural representation of reverse device for application program that one embodiment of the invention provides;

The structural representation of the terminal that Fig. 5 provides for one embodiment of the invention.

Embodiment

Below in conjunction with drawings and Examples, the specific embodiment of the present invention is described in further detail.Following examples for illustration of the present invention, but are not used for limiting the scope of the invention.

Claims

1. application program prevents a reverse method, it is characterized in that, comprising:

The file comprising executable code is obtained from application program;

2. method according to claim 1, is characterized in that, described additional data comprises:

3. method according to claim 1 and 2, is characterized in that, described from application program obtain comprise the file of executable code before, described method also comprises:

4. an operation method for application program, is characterized in that, comprising:

5. method according to claim 4, is characterized in that, described additional data comprises:

6. application program prevents a reverse device, it is characterized in that, described device comprises:

7. device according to claim 6, is characterized in that, described additional data comprises:

8. the device according to claim 6 or 7, is characterized in that, this device also comprises:

Correspondingly, acquiring unit specifically for:

9. a terminal, is characterized in that, comprising:

10. terminal according to claim 9, is characterized in that, described additional data comprises: